9293 matches found

Tenable Nessus
added 2024/11/14 12:00 a.m., 8 views

Fedora 37 : openssl (2022-1c20b4dde2)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-1c20b4dde2 advisory. Automatic update for openssl-3.0.5-1.fc37. Changelog Tue Jul 5 2022 Clemens Lang - 1:3.0.5-1 - Rebase to upstream version 3.0.5 Related: rhbz2099972...

CVSS 10, AI score 7.6, EPSS 0.95764
Exploits 1, References 3
Tenable Nessus
added 2024/11/14 12:00 a.m., 9 views

Fedora 41 : pypy (2024-22a01aab2f)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-22a01aab2f advisory. Automatic update for pypy-7.3.16-2.fc41. Changelog Thu Aug 1 2024 Miro Hrončok - 7.3.16-2 - Security fix for CVE-2024-6345 in bundled setuptools wheel - Fixes...

CVSS 8.8, AI score 6.7, EPSS 0.01939
Exploits 0, References 2
Wordfence Blog
added 2024/11/13 4:45 p.m., 27 views

Wrap Up the Year with the Biggest Scope and Rewards Yet: Join the Wordfence Bug Bounty Program End of Year Holiday Extravaganza!

The holidays are here, and so is your chance to earn big while helping secure the WordPress ecosystem! For all submissions to our Bug Bounty Program from November 12, 2024, to December 9, 2024, we’re rolling out our End of Year Holiday Extravaganza promotion to give back to our security...

AI score 7.3
Exploits 0
SUSE CVE
added 2024/11/13 4:47 a.m., 1 view

SUSE CVE-2021-21367

Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running in discoverable mode, Bluetooth service requests and pairing requests are automatically accepted, allowing physically...

CVSS 8.1, AI score 6.9, EPSS 0.00514
Exploits 0, References 3
Patchstack
added 2024/11/11 5:58 p.m., 4 views

WordPress Autoglot – Automatic WordPress Translation plugin <=2.4.7 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Autoglot – Automatic WordPress Translation versions <= 2.4.7...

CVSS 7.1, AI score 6.1, EPSS 0.00235
Exploits 0, Affected Software 1
Akamai Blog
added 2024/11/11 10:20 a.m., 8 views

Observing Spin Apps with OpenTelemetry and the .NET Aspire Dashboard

Observe Spin apps locally using automatic instrumentation, the otel plug-in, and the .NET Aspire dashboard for logs, metrics, and traces...

AI score 5.8
Exploits 0
NVD
added 2024/11/11 8:15 a.m., 19 views

CVE-2024-11021

Webopac from Grand Vice info has a Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser...

CVSS 5.4, EPSS 0.00279
Exploits 0, References 2
CVE
added 2024/11/11 7:24 a.m., 50 views

CVE-2024-11021

CVE-2024-11021 relates to a Stored Cross-site Scripting vulnerability in Webopac from Grand Vice info. The issue allows remote attackers with regular privileges to inject arbitrary JavaScript into the server, which is executed in users’ browsers when visiting the affected page. Connected sources ...

CVSS 5.4, AI score 5.5, EPSS 0.00279
Exploits 0, References 2, Affected Software 1
GithubExploit
added 2024/11/10 8:17 a.m., 81 views

Exploit for CVE-2024-50493

CVE-2024-50493 Automatic Translation = 1.0.4 - Unauthentic...

CVSS 10, AI score 9.9, EPSS 0.01033
Exploits 1
OSV
added 2024/11/05 7:15 p.m., 7 views

PYSEC-2024-201

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on...

CVSS 6.1, AI score 6.3, EPSS 0.00265
Exploits 0, References 1
Cvelist
added 2024/11/05 6:20 p.m., 21 views

CVE-2024-49377 Jinja2 Templates are vulnerable to XSS attacks due to their configuration in OctoPrint

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on...

CVSS 5.5, EPSS 0.00265
Exploits 0, References 1
Metasploit
added 2024/10/30 6:56 p.m., 377 views

WordPress wp-automatic Plugin SQLi Admin Creation

This module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions use exploit/multi/http/wpautomaticsqlitorce msf exploitwpautomaticsqlitorce show targets ...targets... msf exploitwpautomaticsqlitorce set TARGET msf exploitwpautomaticsqlitorce show...

CVSS 9.9, AI score 10, EPSS 0.93971
Exploits 16
Malwarebytes
added 2024/10/30 2:55 p.m., 19 views

Patch now! New Chrome update for two critical vulnerabilities

Google has released an update for its Chrome browser which includes patches for two critical vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. The easiest way to update Chrome is to allow it to update automatically...

CVSS 8.8, AI score 7.7, EPSS 0.00653
Exploits 0
0day.today
added 2024/10/30 12:00 a.m., 192 views

WordPress WP-Automatic SQL Injection Exploit

This Metasploit module exploits an unauthenticated SQL injection vulnerability in the WordPress wp-automatic plugin versions prior to 3.92.1 to achieve remote code execution. The vulnerability allows the attacker to inject and execute arbitrary SQL commands, which can be used to create a maliciou...

CVSS 9.9, AI score 8.9, EPSS 0.93971
Exploits 16
OSV
added 2024/10/29 1:15 p.m., 12 views

CVE-2024-6868

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

CVSS 9.8, AI score 7.9
Exploits 0, References 2
NVD
added 2024/10/29 1:15 p.m., 29 views

CVE-2024-6868

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

CVSS 9.8, EPSS 0.01501
Exploits 1, References 2
Malwarebytes
added 2024/10/29 1:07 p.m., 16 views

Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS and watchOS. Especially important are the updates for iOS and iPadOS which tackle vulnerabilities which could potentially leak sensitive user information. You should make sure you update as soon as y...

CVSS 9.6, AI score 6.2, EPSS 0.00818
Exploits 0
CVE
added 2024/10/29 12:46 p.m., 53 views

CVE-2024-6868

CVE-2024-6868 affects mudler/LocalAI (version 2.17.1). The issue is improper handling of automatic archive extraction when model configurations specify archives (for example, .tar), causing archives to be extracted after download and enabling a potentially destructive “tarslip” that can write fil...

CVSS 9.8, AI score 8.5, EPSS 0.01501
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2024/10/29 12:46 p.m., 16 views

CVE-2024-6868 Arbitrary File Write in mudler/LocalAI

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

CVSS 8.1, AI score 8.2, EPSS 0.01501
Exploits 1, References 2
Cvelist
added 2024/10/29 12:46 p.m., 24 views

CVE-2024-6868 Arbitrary File Write in mudler/LocalAI

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

CVSS 8.1, EPSS 0.01501
Exploits 1, References 2